<?php

// --------------------------------------------------------------------- //
// FLASH                                                                 //
// Display details for a record V1.0 build 20020520                      //
// --------------------------------------------------------------------- //
// IN: username                                                          //
// OUT: username,firstname,surname,email,company,address,                //
//      telephone, admin, active, expiry, module                         //
// --------------------------------------------------------------------- //

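    // Purpose: return one user record to the Flash client as a stream of
    // "&name=value&" pairs. The caller must hold a session that identifies
    // an active administrator; the record to show is named by ?username=.

    // connection variables -----------------------------------------------
    // NOTE(review): the database host and credentials are hard-coded in a
    // web-served source file. Load them from configuration kept outside the
    // document root (or from the environment), and treat this password as
    // exposed: rotate it.
    $mysqlServer   = "66.226.14.61";
    $mysqlUser     = "timescape";
    $mysqlPassword = "ducati748";
    $mysqlDatabase = "timescape";
    $mysqlTable    = "german";

    // generic messages ---------------------------------------------------
    // Deliberately vague: none of them reveals which check failed or any
    // database error text.
    $errorConnect     = 'Unable to connect to database server.';
    $errorConnectdb   = 'Unable to use the database.';
    $errorQuery       = 'Error while accessing the database. It may be corrupted.';
    $errorIdentity    = 'Error while establishing your identity.';
    $errorNoUser      = 'No username was supplied.';
    $errorRetrieve    = 'Error retrieving information.';

    $msgDisplay       = 'Information retrieved successfully.';

    // retrieve session variables if they exist ---------------------------
    // NOTE(review): the session carries the user's plaintext password and the
    // query below compares it directly with the stored column, so passwords
    // appear to be stored unhashed. Keep only a user id in the session and
    // store salted password hashes.
    session_start();
    $inputUser  = isset($HTTP_SESSION_VARS['inputUser']) ? $HTTP_SESSION_VARS['inputUser'] : "";
    $inputPass  = isset($HTTP_SESSION_VARS['inputPass']) ? $HTTP_SESSION_VARS['inputPass'] : "";
    if (!isset($PHP_SELF))
        $PHP_SELF = $_SERVER['PHP_SELF'];

    // connect to database ------------------------------------------------
    // '@' keeps PHP warnings out of the response, which the Flash client
    // parses as name=value pairs.
    $dblink = @mysql_connect($mysqlServer, $mysqlUser, $mysqlPassword);
    if ($dblink === false)
    {
        echo "&display=false&message=$errorConnect&";
        exit;
    }

    if (@mysql_select_db($mysqlDatabase) === false)
    {
        echo "&display=false&message=$errorConnectdb&";
        exit;
    }

    // verify that the logged-in user is administrator/active -------------
    // No session identity means no administrator: reject before querying so
    // an empty username/password pair can never match a row.
    if (!is_string($inputUser) || !is_string($inputPass) || $inputUser === "")
    {
        echo "&display=false&message=$errorIdentity&";
        exit;
    }

    // The query is built only after connecting because escaping needs the
    // live link (it honours the connection character set). Every value placed
    // inside the quoted SQL literals is escaped first.
    $safeUser = mysql_real_escape_string($inputUser, $dblink);
    $safePass = mysql_real_escape_string($inputPass, $dblink);
    $verifyAdminQuery = "SELECT
                         admin, active
                         FROM $mysqlTable
                         WHERE username='$safeUser' AND password='$safePass'";

    $resultQuery = @mysql_query($verifyAdminQuery);
    if ($resultQuery === false)
    {
        echo "&display=false&message=$errorIdentity&";
        exit;
    }
    // Exactly one matching account is required; zero or several both fail.
    $numberOfUsers = mysql_num_rows($resultQuery);
    if ($numberOfUsers != 1)
    {
        echo "&display=false&message=$errorIdentity&";
        exit;
    }
    $security = mysql_fetch_array($resultQuery);
    if (($security['admin'] != 'Y') || ($security['active'] != 'Y'))
    {
        echo "&display=false&message=$errorIdentity&";
        exit;
    }

    // retrieve the requested record ---------------------------------------
    // The username comes straight from the query string, so it is untrusted.
    // A non-string value (e.g. username[]=x) is treated as missing.
    if (!isset($HTTP_GET_VARS['username']) || !is_string($HTTP_GET_VARS['username']))
    {
        echo "&display=false&message=$errorNoUser&";
        exit;
    }

    $username = $HTTP_GET_VARS['username'];
    // Undo magic_quotes_gpc first so the value is escaped exactly once.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
        $username = stripslashes($username);
    $safeUsername = mysql_real_escape_string($username, $dblink);

    $retrieveQuery = "SELECT
                      username,
                      firstname,
                      surname,
                      email,
                      company,
                      address,
                      telephone,
                      admin,
                      active,
                      expiry,
                      module
                      FROM $mysqlTable
                      WHERE username='$safeUsername'";

    $resultQuery = @mysql_query($retrieveQuery);
    if ($resultQuery === false)
    {
        echo "&display=false&message=$errorRetrieve&";
        exit;
    }
    $numberOfUsers = mysql_num_rows($resultQuery);
    if ($numberOfUsers != 1)
    {
        echo "&display=false&message=$errorRetrieve&";
        exit;
    }

    // Every stored value is URL-encoded before it is written out: a raw '&'
    // or '=' inside a field would otherwise be read by the client as an
    // extra variable. expiry and module are encoded like the other fields.
    $row = mysql_fetch_array($resultQuery);
    $username  = isset($row['username'])  ? rawurlencode($row['username'])  : "";
    $firstname = isset($row['firstname']) ? rawurlencode($row['firstname']) : "";
    $surname   = isset($row['surname'])   ? rawurlencode($row['surname'])   : "";
    $email     = isset($row['email'])     ? rawurlencode($row['email'])     : "";
    $company   = isset($row['company'])   ? rawurlencode($row['company'])   : "";
    $address   = isset($row['address'])   ? rawurlencode($row['address'])   : "";
    $telephone = isset($row['telephone']) ? rawurlencode($row['telephone']) : "";
    // admin/active are reduced to fixed labels, so no stored text is echoed.
    $admin     = isset($row['admin'])     ? $row['admin']     : "";
    $adminStr  = ($admin == "Y")          ? "administrator"   : "user";
    $active    = isset($row['active'])    ? $row['active']    : "";
    $activeStr = ($active == "Y")         ? "active"          : "disabled";
    $expiry    = isset($row['expiry'])    ? rawurlencode($row['expiry'])    : "";
    $module    = isset($row['module'])    ? rawurlencode($row['module'])    : "";

    echo "&display=true&\n";
    echo "&message=$msgDisplay&\n";
    echo "&username=$username&\n";
    echo "&firstname=$firstname&\n";
    echo "&surname=$surname&\n";
    echo "&email=$email&\n";
    echo "&company=$company&\n";
    echo "&address=$address&\n";
    echo "&telephone=$telephone&\n";
    echo "&admin=$adminStr&\n";
    echo "&active=$activeStr&\n";
    echo "&expiry=$expiry&\n";
    echo "&module=$module&\n";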

?>